[Snort-devel] Snort Crash logging to a mysql db, current CVS version

Len Burns lenb at ...122...
Wed Apr 11 12:27:14 EDT 2001


I have been testing the current CVS version of snort over here logging
to a mysql database.  It appears to be logging normally, except that
from time to time it crashes and dumps core.  I tried last evening to
get it to perform its mischief with a version of snort built with
debugging enabled, but it for some reason would not crash.  It is
running under NetBSD-1.5 i386, logging to mysql version 3.23.35.  I am
using the current CVS version of acid to manage output.  Snort is
being started as follows:
./snort  -D -b -o -i fxp0 -c snort.conf
I am using the rules from the CVS distribution unmodified.  I hope I
have not forgotten anything of import.
Here is the backtrace from my latest crash:
(gdb) bt
#0  Database (p=0x8914800,
    msg=0x80783c0 "Incomplete Packet Fragments Discarded",
    at spo_database.c:789
#1  0x80548d1 in CallAlertPlugins (p=0x8914800,
    message=0x80783c0 "Incomplete Packet Fragments Discarded") at
#2  0x805487c in CallAlertFuncs (p=0x8914800,
    message=0x80783c0 "Incomplete Packet Fragments Discarded",
    at rules.c:3299
#3  0x805d57e in ReassembleIP (froot=0x0) at spp_defrag.c:767
#4  0x805d751 in PreprocDefrag (p=0xbfbfd6e0) at spp_defrag.c:909
#5  0x80547ae in Preprocess (p=0xbfbfd6e0) at rules.c:3241
#6  0x804b4ee in ProcessPacket (user=0x0, pkthdr=0x80b0a94,
pkt=0x80b0aa6 "")
    at snort.c:479
#7  0x480c0d8d in pcap_read ()
#8  0x480c1233 in pcap_loop ()
#9  0x804c707 in InterfaceThread (arg=0x0) at snort.c:1359
#10 0x804b3f0 in main (argc=8, argv=0xbfbfdc0c) at snort.c:413
#11 0x804ac49 in ___start ()



